Wanna Cry ransomware highlights (Windows) elephant in the room

Submitted by Dave on Sun, 14/05/2017 - 12:51

When we last blogged about the prominent strain of Microsoft Windows-specific ransomware known as CryptoLocker, we predicted that it would be swiftly followed by ". . . many variants . . . in the near future." In the time since CryptoLocker, Windows-based ransomware schemes have indeed proliferated, culminating today in Wanna Cry—a ransomware exploit affecting businesses on a massive scale.

As reported by Ars Technica, England's National Health Service was the first high-profile organisation to be severely affected. The vast number of networked, insecure Windows systems enabled Wanna Cry to then spread rapidly to over 100 other countries—with a number of New Zealand businesses expected to fall victim (see reports here and here).

As in our blog on CryptoLocker, we observe that industry press and vendor responses to Wanna Cry omit the same facts, namely:

It's specific to Windows only

It exploits a long-standing, unaddressed flaw in Windows—adding to Microsoft's decades-long, abysmal security track record

While Wanna Cry attacks are underway, we expect only to hear more about the crippled productivity and financial fallout from affected businesses. Our recommendation, however, is simple: reducing the attack surface and migrating to a non-Windows OS—such as Ubuntu Linux—is the most effective preventative measure.